[Pcsclite-cvs-commit] r5848 - /trunk/PCSC/src/readerfactory.c

rousseau at users.alioth.debian.org rousseau at users.alioth.debian.org
Wed Jul 6 19:52:13 UTC 2011


Author: rousseau
Date: Wed Jul  6 19:52:13 2011
New Revision: 5848

URL: http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=5848
Log:
RFAddReader(): use safer snprintf() instead of sprintf()

coverity: Event secure_coding: [VERY RISKY]. Using "sprintf" can cause a
buffer overflow when done incorrectly. Because sprintf() assumes an
arbitrarily long string, callers must be careful not to overflow the
actual space of the destination. Use snprintf() instead, or correct
precision specifiers.

Modified:
    trunk/PCSC/src/readerfactory.c

Modified: trunk/PCSC/src/readerfactory.c
URL: http://svn.debian.org/wsvn/pcsclite/trunk/PCSC/src/readerfactory.c?rev=5848&op=diff
==============================================================================
--- trunk/PCSC/src/readerfactory.c (original)
+++ trunk/PCSC/src/readerfactory.c Wed Jul  6 19:52:13 2011
@@ -352,7 +352,7 @@
 		(void)strlcpy(tmpReader,
 			sReadersContexts[dwContext]->readerState->readerName,
 			sizeof(sReadersContexts[dwContextB]->readerState->readerName));
-		sprintf(tmpReader + strlen(tmpReader) - 2, "%02X", j);
+		snprintf(tmpReader + strlen(tmpReader) - 2, 3, "%02X", j);
 
 		sReadersContexts[dwContextB]->library =
 			sReadersContexts[dwContext]->library;




More information about the Pcsclite-cvs-commit mailing list